Intrusion tolerance via network layer controls

O’Brien, Darragh; Smith, R.N.; Kappel, T.; Bitzer, C.

doi:10.1109/discex.2003.1194875

Cited by 8 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Algorithm-driven [O'Brien et al, 2003, Verissimo et al, 2006, Zhang et al, 2005, Sliti et al, 2009 : these systems employ algorithms such as the voting algorithm, CHAPTER 2. ATTACK TOLERANCE: CHALLENGES & DIRECTIONS threshold cryptography, and fragmentation redundancy scattering (FRS) to harden their resilience.…”

Section: Attack Tolerance Techniquesmentioning

confidence: 99%

“…• Hybrid [Sousa et al, 2007a]: these systems combine different architectures mentioned above. [Wang and Upppalli, 2003, Chen et al, 2009, O'Brien et al, 2003 [ Stroud et al, 2004] Diversity [Wang and Upppalli, 2003, Chen et al, 2009, O'Brien et al, 2003] [Lala, 2003] FRS [Stroud et al, 2004, Zhang et al, 2005 Threshold cryptography [Ganger et al, 2001,Weinstein andLepanto, 2003] [ Lala, 2003] Recovery [Knight et al, 2001, Wang and Upppalli, 2003, Chen et al, 2009 [ Aung et al, 2005, Arsenault et al, 2007, Sousa et al, 2008, Reiser and Kapitza, 2007 Voting Upppalli, 2003, Valdes et al, 2002] [ Partha et al, 2006] Table 2.1 depicts the mapping between the attacks and the architectures. This study shows firstly that these architectures ensure tolerance to attacks for conventional distributed systems.…”

Section: Attack Tolerance Techniquesmentioning

confidence: 99%

See 1 more Smart Citation

Attack Tolerance for Services-Based Applications in the Cloud

Ouffoué

Zaïdi

Cavalli

2019

Testing Software and Systems

View full text Add to dashboard Cite

Web services allow the communication of heterogeneous systems on the Web. These facilities make them particularly suitable for deploying in the cloud. Although research on formalization and verification has improved trust in Web services, issues such as high availability and security are not fully addressed since the solutions proposed are sometimes attack-specific. In addition, Web services deployed in cloud infrastructures inherit their vulnerabilities. For example when different tenants in a cloud platform consume the same instance of the service, attacks such as side-channel can be performed by malicious tenants. Because of this limitation, they may be unable to perform their tasks perfectly. In this thesis, we claim that a good tolerance requires attack detection and continuous monitoring on the one hand; and reliable reaction mechanisms on the other hand. We therefore proposed a new formal monitoring methodology that takes into account the risks that our services may face. To implement this methodology, we first developed an approach of attack tolerance that leverages model-level diversity. We define a model of the system and derive more robust functionally equivalent variants that can replace the first one in case of attack. To avoid manually deriving the variants and to increase the level of diversity, we proposed a second complementary approach. The latter still consists in having different variants of our services; but unlike the first, we have a single model and the implementations differ at the language, source code and binaries levels. Moreover, to ensure detection of insider attacks, we investigated a new detection and reaction mechanism based on software reflection. While the program is running, we analyze the methods to detect malicious executions. When these malicious activities are detected, using reflection again, new efficient implementations are generated as a countermeasure. Finally, we leveraged a formal Web service testing framework by incorporating these complementary mechanisms in order to take advantage of the benefits of each of them. iii Résumé Les services Web permettent la communication de systèmes hétérogènes sur le Web. Ces facilités font que ces services sont particulièrement adaptés au déploiement dans le cloud. Les efforts de formalisation et de vérification permettent d'améliorer la confiance dans les services Web, néanmoins des problèmes tels que la haute disponibilité et la sécurité ne sont pas entièrement pris en compte. Par ailleurs, les services Web déployés dans une infrastructure cloud héritent des vulnérabilités de cette dernière. En raison de cette limitation, ils peuvent être incapables d'exécuter parfaitement leurs tâches. Dans cette thèse, nous pensons qu'une bonne tolérance nécessite un monitoring constant et des mécanismes de réaction fiables. Nous avons donc proposé une nouvelle méthodologie de monitoring tenant compte des risques auxquels peuvent être confrontés nos services. Pour mettre en oeuvre cette méthodologie, nous avons d'abord développé une méthode de ...

show abstract

Section: Attack Tolerance Techniquesmentioning

confidence: 99%